#60: Firefox: Don't increase fingerprint by adding "Fedora" to user agent -------------------------+-------------------- Reporter: genodeftest | Owner: Status: new | Priority: minor Component: General | Resolution: Keywords: | -------------------------+--------------------

Comment (by mattdm):

I guess I have no strong feelings here either way. Or rather, I have strong feelings on the theoreticals, but they're basically canceled out by the practicals.

On the one hand, I'm in support of user privacy, and part of Fedora's vision statement is "people control their content and devices" — and it's a reasonable argument that privacy concerns like this one fall under that.

But, as a practical matter as noted in bug #1190774, there's so much leaking out of Firefox and Fedora in general that it seems odd to fixate on this one thing. Fingerprinting via plugins and fonts are already likely to be more specific for tracking, and probably can be used by malicious actors to identify Fedora systems with high confidence anyway.

On the other hand, the goal of having a better picture of Fedora desktop use in the wild *is* strategically valuable; it's hard to improve what you can't measure, and we can't get to our vision at all if the project doesn't succeed. (If Fedora is ultra-private and no one is using it, that's not really a win!)

But, as a practical matter *there*, the primary place where the user agent was going to be useful was in large third-party sites like Wikipedia disclosing their user agent count information. Wikipedia doesn't do that anymore. We can count on our *own* sites, but that isn't much value. So, without a good source of actual measurable information, eh, it's not buying us much.

So, yeah: there's two strong, opposing theoretical points. But, practically, I don't think it really makes much difference either way.

#60: Firefox: Don't increase fingerprint by adding "Fedora" to user agent -------------------------+-------------------- Reporter: genodeftest | Owner: Status: new | Priority: minor Component: General | Resolution: Keywords: | -------------------------+--------------------

Comment (by smooge):

I agree with Matthew that if people are focused on privacy for their usage, the user-agent string is not the place to focus on.

1. Most analytical tools are much more sophisticated than they were 4 years ago via javascript, fonts, page response time, and other factors to pinpoint what a person is using.

2. We aren't the only distribution putting in a branding for their usage. Ubuntu and Android (who have the lion share of Linux usage) have put in their brands for years.

Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:33.0) Gecko/20100101 Firefox/33.0 Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) Mozilla/5.0 (X11; Arch Linux i686; rv:2.0) Gecko/20110321 Firefox/4.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.7) Gecko/2009031915 Gentoo Firefox/3.0.7 Mozilla/5.0 (X11; U; Linux amd64; rv:5.0) Gecko/20100101 Firefox/5.0 (Debian)

* I will point out that the last three are clearly old versions when distros were putting strings in at one point. This was dropped at some point as a trend, and the trend is going the other way.

3. Many other packages have leaked data about usage for years. [ x86_64 -redhat-linux-gnu ] Various other browsers have been branded for years.

My main point is that not having a user-agent string stands out as much as having one. Just having the Linux in it says you are ~2% of the population. Not having the Ubuntu string says you are of a 20-40% of the Linux user space. If you aren't using various privacy enhancing tools you can be quickly fingerprinted further down. But on the other hand if you are using many privacy tools you are also fingerprinted because not having data like the vast majority of users makes you stand out.

So if we are really wanting to enhance privacy we need to make our user agent string:

Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

#60: Firefox: Don't increase fingerprint by adding "Fedora" to user agent -------------------------+-------------------- Reporter: genodeftest | Owner: Status: new | Priority: minor Component: General | Resolution: Keywords: | -------------------------+--------------------

Comment (by mattdm):

Replying to [comment:4 genodeftest]:

Plugins are highly discouraged and mostly gone. There is no use in

browser plugins left. Whoever is using plugins probably doesn't care about security or privacy anyway.

On my Fedora 23 system right now, I have:

"Plugin 0: Evince Browser Plugin; The a href=http:wiki.gnome.orgAppsEvinceEvincea 3.18.2 plugin handles documents inside the browser window.; libevbrowserplugin.so. Plugin 1: Gnome Shell Integration; This plugin provides integration with Gnome Shell for live extension enabling and disabling. It can be used only by extensions.gnome.org; libgnome-shell-browser-plugin.so. Plugin 2: IcedTea- Web Plugin using IcedTea-Web 1.6.2 fedora-1.fc23-x86_64; The a href=http:icedtea.classpath.orgwikiIcedTea-WebIcedTea-Web Plugina executes Java applets.; IcedTeaPlugin.so. Plugin 3: iTunes Application Detector; This plug-in detects the presence of iTunes when opening iTunes Store URLs in a web page with Firefox.; librhythmbox-itms-detection-plugin.so. "

Notice that IcedTea helpfully also notes that it's Fedora.

#60: Firefox: Don't increase fingerprint by adding "Fedora" to user agent -------------------------+-------------------- Reporter: genodeftest | Owner: Status: new | Priority: minor Component: General | Resolution: Keywords: | -------------------------+--------------------

Comment (by smooge):

Whether or not these plugins should be enabled or not is out of scope of what you are asking the council. Please focus what you are wanting from the council to a simple policy question as in: Should Fedora packages and engineering default to a high level of privacy? Who should define what "high level of privacy" means, and who should enforce it? [I am only offering that as an example. However it is clearer and broader than the above.]

Those are things that the council can work towards answering and come to a consensus towards.

#60: Firefox: Don't increase fingerprint by adding "Fedora" to user agent -------------------------+-------------------- Reporter: genodeftest | Owner: Status: new | Priority: minor Component: General | Resolution: Keywords: | -------------------------+--------------------

Comment (by smooge):

It needs to be general because the Council isn't meant to dictate technical policy. It is meant to dictate general policy that groups like FESCO etc can build technical policy around.

The reason it needs to be generalized is that if Firefox has to alter its string but Konqueror/Epiphany/Seamonkey/curl/wget/lynx doesn't then are we actually helping user privacy? If we just remove a user agent string but don't deal with how modern fingerprinting is done.. are we actually helping user privacy or just doing a political lie.

Also it will help clarify why the string is there and who it is to help. Fedora may not be selling user PII for profit, but we have multiple sponsors who are looking for ways to know that their sponsorship 'has value'. For example, most of the webservers that deliver our content are from various ISP's who don't know why they should be sponsoring Fedora. Several have asked us for ways to distinguish Linux browsers down to the ones they are sponsoring without having to use the more invasive PII stealing fingerprinting analytics. Various other potential sponsors for projects and conventions have also asked how can they measure value? There may be other reasons also. Those reasons have to be weighed in the open and clearly as to better determine an overall privacy policy.

#60: Firefox: Don't increase fingerprint by adding "Fedora" to user agent -------------------------+-------------------- Reporter: genodeftest | Owner: Status: new | Priority: minor Component: General | Resolution: Keywords: | -------------------------+--------------------

Comment (by misc):

Sure, we need more to do a proper protection, but if we can't even do the simpler change because we prefer easing the tracking of users by a 3rd party that give us metrics (even if that 3rd party is wikipedia), it really send the message that privacy is not a priority at all.

And the example of ISP sponsoring Fedora is a bit curious.

Either they sponsor hosting, so websites under the control of Fedora team (and so, sharing logs seems to be against the privacy policy, so I suspect we don't).

Or they sponsor a mirror, and I suspect they already have the path of downloaded file, and it is quite obvious that Fedora rpms and artefacts are downloaded by Fedora users, so we do not need specific tracking in curl or firefox for that.

Also, where where theses requests for tracking made, cause I didn't see that in the tickets, but I get lot of mails, so I may have missed it. I would be quite interested to see if their requests are in line with European laws, and act in accordance to it.